FIG. 1 depicts a high-level block diagram of a conventional computer system 10 that includes a conventional central system 12 and multiple conventional distributed systems 14, 16, 18, and 20. The conventional distributed systems 14, 16, 18, and 20 can be viewed as communicating with the conventional central system 12 via pipes 13, 15, 17, and 19, respectively. Examples of such conventional computer systems 10 include intrusion detection systems in which the conventional central system 12 detects intrusions based upon distributed clients 14, 16, 18, and 20 that detect input to the conventional computer system 10. Such conventional distributed systems 14, 16, 18, and 20 then alert the conventional central system 10 of the intrusions by providing data packets via pipes 13, 15, 17, and 19, respectively. In the event of an attack, the conventional central computer system 12 may be able to prevent failure of the conventional computer system 10 due to such attacks. Other examples of such systems includes bridge computing or other systems which employ distributed systems, such as the conventional clients 14, 16, 18, and 20 that communicate directly to a conventional central system 12.
Although the system 10 functions, one of ordinary skill in the art will readily realize that the flow of data packets from the multiple conventional distributed systems 14, 16, 18, and 20 through the conventional pipes 13, 15, 17, and 19 is unregulated. In particular, it is possible for the traffic through the conventional pipes 13, 15, 17, and 19 to be sufficiently high that the conventional central system 10 is overwhelmed. For example, if the conventional computer system 10 is being attacked by a flood of packets being denied service (a denial of service attack), then one or more of the conventional distributed systems 14, 16, 18, and 20 may overwhelm the conventional central system 12 by providing an alert for each denial of service. Similarly, if the conventional distributed systems 14, 16, 18, and 20 are simply conventional clients linked to the conventional central system 12 and there is some interruption of service or other accident, one or more of the conventional distributed systems 14, 16, 18, and 20 may provide the conventional central system 12 with multiple notifications of the accident via the conventional pipes 13, 15, 17, and 19, respectively. As a result, the conventional system 10 may fail.
Although there may be many conventional methods for preventing a failure of the conventional system 10 despite unregulated traffic from the conventional distributed systems 14, 16, 18, and 20. For example, a maximum threshold may be placed on traffic from one or more of the pipes 13, 15, 17, and 19. If traffic though the pipes 13, 15, 17, or 19 exceeds this threshold, then the data packets are discarded. However, discarding of packets is undesirable if the excessive flow of data packets is not due to an attack. Furthermore, in some instances, the allocation of resources such as bandwidth might be changed to account for high traffic to the conventional central system 12 from some portion of the distributed systems 14, 16, 18, and 20.
Accordingly, what is needed is a system and method for better controlling traffic from distributed systems to a central system. The present invention addresses such a need.